File permission vulnerabilities and Module::Pluggable

Simon Wilcox essuu at ourshack.com
Wed Jan 21 08:58:06 GMT 2009


Simon Wistow wrote:
> So I've been thinking about adding that support however I'm slightly 
> conflicted at the moment about how it should work which is down to two 
> things -

I'd go for a major new version with the non-core bundled in and I can 
think of two ways to handle the transition:

1. On by default with an option to turn it off. Plenty of warnings all 
over the documentation. As this is a security related issue, most people 
would be OK with that I think. Anyone who blindly upgrades modules 
without testing their app gets what they deserve :-)

2. Alternatively on but non-fatal in the first release and have it spew 
warnings every time it loads a file that's unsafe. Give the users an 
option to make it fatal from the start and make that the recommended 
approach.

Plan to flip it to fatal by default at some defined point later on, say 
3 months, to make sure that everyone gets the security benefits.

Personally I'd go with option 1. This is security, after all!

S.
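The mechanism the two options above argue about (check each plugin file before loading it, with the check either fatal, a warning, or switched off) can be sketched in a few dozen lines. The following is an added example written for this page; it is not Module::Pluggable's code, and the function names (unsafe_reasons, load_plugin_file), the option name (unsafe => 'fatal' | 'warn' | 'off') and the exact safety rules (file must be a regular file owned by the running user or root and not group/world-writable, and its directory must not be world-writable or owned by a third party) are assumptions chosen for illustration. The demo at the bottom creates a world-writable plugin in a temporary directory and shows the fatal policy refusing it until the mode is fixed.

```perl
#!/usr/bin/env perl
# Added example, not Module::Pluggable's own code: refuse to load plugin
# files that someone other than their owner could have modified, with a
# configurable policy mirroring the "fatal by default" / "warn first"
# options discussed in the thread. Names and rules below are assumptions.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Basename qw(dirname);
use File::Spec;

# Return a list of reasons $path is unsafe to load; an empty list means safe.
sub unsafe_reasons {
    my ($path) = @_;
    my @reasons;

    my @st = stat($path) or return ("cannot stat $path: $!");
    my ($mode, $uid) = @st[2, 4];

    # The plugin itself: regular file, owned by us or root, only owner-writable.
    push @reasons, "not a regular file"            unless S_ISREG($mode);
    push @reasons, "owned by uid $uid, not $> or 0" unless $uid == $> || $uid == 0;
    push @reasons, "group- or world-writable"      if $mode & (S_IWGRP | S_IWOTH);

    # The containing directory: if others can write or own it, they can
    # replace the file regardless of the file's own mode.
    my $dir = dirname($path);
    my @dst = stat($dir) or return (@reasons, "cannot stat $dir: $!");
    my ($dmode, $duid) = @dst[2, 4];
    push @reasons, "directory $dir is world-writable" if $dmode & S_IWOTH;
    push @reasons, "directory $dir owned by uid $duid, not $> or 0"
        unless $duid == $> || $duid == 0;

    return @reasons;
}

# Load a plugin file, applying the permission check according to policy:
#   unsafe => 'fatal'  die and do not load (option 1 in the thread, assumed default)
#   unsafe => 'warn'   warn but load anyway (option 2, first release)
#   unsafe => 'off'    skip the check entirely
sub load_plugin_file {
    my ($path, %opt) = @_;
    my $policy = exists $opt{unsafe} ? $opt{unsafe} : 'fatal';

    if ($policy ne 'off') {
        my @why = unsafe_reasons($path);
        if (@why) {
            my $msg = "refusing to load $path: " . join(', ', @why);
            die "$msg\n" if $policy eq 'fatal';
            warn "$msg\n";    # 'warn' policy: report, then load regardless
        }
    }

    require $path;    # require() with a path loads that exact file
    return 1;
}

# Demo: a constructed plugin in a temp dir, first world-writable, then fixed.
unless (caller) {
    require File::Temp;
    my $dir  = File::Temp::tempdir(CLEANUP => 1);
    my $file = File::Spec->catfile($dir, 'DemoPlugin.pm');

    open my $fh, '>', $file or die "cannot write $file: $!";
    print $fh "package DemoPlugin; sub hello { 'hello from plugin' } 1;\n";
    close $fh;

    chmod 0666, $file;    # world-writable: must be refused under 'fatal'
    eval { load_plugin_file($file, unsafe => 'fatal') };
    print "fatal policy, mode 0666: ", ($@ ? $@ : "loaded (unexpected)\n");

    chmod 0644, $file;    # owner-writable only: now acceptable
    load_plugin_file($file, unsafe => 'fatal');
    print "fatal policy, mode 0644: loaded, ", DemoPlugin::hello(), "\n";
}
```

Run it as a script to see the refusal and the subsequent successful load. The directory check matters as much as the file check: a correctly-moded .pm in a world-writable directory can simply be renamed away and replaced, which is exactly the class of problem the thread is about.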
